Effective authentication for enabling access to a secure network service typically considers a three-pronged approach: 1) something you know; 2) something you have; and 3) something you are. While most authentication methods rely on “something you know,” i.e., a login ID and a password, incorporating an additional prong can result in more reliable and more secure authentication. Hardware tokens, such as the RSA SecurID® token, provide an easy way to implement the “something you have” authentication prong. A token will generate a time-sensitive authentication code that must be used within a certain amount of time, or the token will discard the code and will generate another code. It is presumed that the authorized user of a hardware token will safeguard the token. However, it is not always cost-effective or secure to provide hardware tokens to each and every user of a secure network service. Hardware tokens can be lost or stolen, and individual tokens are difficult to track.
What is therefore needed is a way to implement an authentication method that does not require the distribution of hardware tokens. What is needed is an authentication method that can utilize a device that may already be in the user's possession.